Restoring an Amazon EC2 instance - Amazon Backup

Restoring an Amazon EC2 instance

When using the console, you can perform restores with 16 options. If you need to set the other parameters, you must use the CLI or SDK.


Amazon Backup does not back up or restore the user data that is used when launching an Amazon EC2 instance.

Use the Amazon Backup console to restore Amazon EC2 recovery points

This is the recommended option.

To restore Amazon EC2 resources using the Amazon Backup console
  1. Open the Amazon Backup console at

  2. In the navigation pane, choose Protected resources and the Amazon EC2 resource ID that you want to restore.

  3. On the Resource details page, a list of recovery points for the selected resource ID is shown. To restore a resource, in the Backups pane, choose the radio button next to the recovery point ID of the resource. In the upper-right corner of the pane, choose Restore.

  4. In the Network settings pane, accept the defaults or specify the options for the Instance type, Virtual Private Cloud (VPC), Subnet, Security groups, and Instance IAM role settings.

  5. In the Restore role pane, accept the Default role or Choose an IAM role to specify the IAM role that Amazon Backup will assume for this restore.

  6. In the Advanced settings pane, accept the defaults or specify the options for the Shutdown behavior, Enable termination protection, Placement group, T2/T3 Unlimited, Tenancy, and User data settings. This section is used to customize shutdown and hibernation behavior, termination protection, placement groups, tenancy, and other advanced settings.

  7. After specifying all your settings, choose Restore backup.

    The Restore jobs pane appears. A message at the top of the page provides information about the restore job.

When you restore Amazon EC2 recovery points from the Amazon Backup console, you can customize the following parameters and settings:

  • Instance type

  • Amazon VPC

  • Subnet

  • Security groups

  • IAM role

  • Shutdown behavior

  • Stop–hibernate behavior

  • Termination protection

  • T2/T3 unlimited

  • Placement group name

  • EBS-optimized instance

  • Tenancy

  • RAM disk ID

  • Kernel ID

  • User data

  • Deletion on termination

These parameters are prefilled to match the original backup. You can change them before restoring the instance. Amazon Backup identifies parameters with values that might not be valid or that might result in an invalid restore.

Restore Amazon EC2 with Amazon CLI

In the command line interface, start-restore-job allows you to restore with up to 32 parameters (including some parameters that are not customizable through the Amazon Backup console).

The following list is the accepted metadata you can pass to restore an Amazon EC2 recovery point.

  • InstanceType
  • KeyName
  • VpcId
  • SubnetId
  • Architecture
  • EnaSupport
  • SecurityGroupIds
  • IamInstanceProfileName
  • CpuOptions
  • InstanceInitiatedShutdownBehavior
  • HibernationOptions
  • DisableApiTermination
  • CreditSpecification
  • Placement
  • RootDeviceType
  • RamdiskId
  • KernelId
  • UserData
  • Monitoring
  • NetworkInterfaces
  • ElasticGpuSpecification
  • CapacityReservationSpecification
  • InstanceMarketOptions
  • LicenseSpecifications
  • EbsOptimized
  • VirtualizationType
  • Platform
  • RequireIMDSv2
  • aws:backup:request-id

You can also restore an Amazon EC2 instance without including any stored parameters. This option is available on the Protected resource tab on the Amazon Backup console.


Amazon Backup uses the SSH key pair that was in use at the time of backup to automatically perform your restore.

Amazon Backup doesn't allow you to modify the instance profile. This is to prevent the possibility of privilege escalations. If you need to modify the instance profile, do so from Amazon EC2.

To successfully do a restore with the original instance profile, you must edit the restore policy. If you apply an instance profile during the restore, you have to update the operator role and add PassRole permissions of the underlying instance profile role to Amazon EC2. Otherwise, Amazon EC2 can't authorize the instance launch, and it will fail.
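A pre-flight check for the metadata passed to start-restore-job, as an added example (not AWS code): it accepts only keys from the list above, refuses an override that changes the instance profile, and reports when the restore role will need PassRole. The function name, the sample values, and the choice to filter stored keys client-side are assumptions.

```python
# Added example: client-side pre-flight check for EC2 restore metadata.
# Accepted metadata keys, copied from the list on this page.
ACCEPTED_KEYS = frozenset(
    "InstanceType KeyName VpcId SubnetId Architecture EnaSupport "
    "SecurityGroupIds IamInstanceProfileName CpuOptions "
    "InstanceInitiatedShutdownBehavior HibernationOptions "
    "DisableApiTermination CreditSpecification Placement RootDeviceType "
    "RamdiskId KernelId UserData Monitoring NetworkInterfaces "
    "ElasticGpuSpecification CapacityReservationSpecification "
    "InstanceMarketOptions LicenseSpecifications EbsOptimized "
    "VirtualizationType Platform RequireIMDSv2 aws:backup:request-id".split()
)
PROFILE_KEY = "IamInstanceProfileName"


def prepare_restore_metadata(stored, overrides):
    """Merge overrides into the stored restore metadata.

    Returns (metadata, needs_passrole). Raises ValueError for a request
    that this page says is not accepted. Hypothetical helper name.
    """
    unknown = sorted(set(overrides) - ACCEPTED_KEYS)
    if unknown:
        raise ValueError(f"not accepted as restore metadata: {unknown}")
    # The instance profile cannot be modified through the restore.
    if PROFILE_KEY in overrides and overrides[PROFILE_KEY] != stored.get(PROFILE_KEY):
        raise ValueError("instance profile cannot be changed during restore")
    merged = {**stored, **overrides}
    # Defensive filter on stored keys; restore metadata values are strings.
    metadata = {k: str(v) for k, v in merged.items() if k in ACCEPTED_KEYS}
    # Restoring with a profile needs PassRole on the restore (operator) role.
    needs_passrole = bool(metadata.get(PROFILE_KEY))
    return metadata, needs_passrole


# Constructed sample: stored metadata of a recovery point (values invented).
STORED = {
    "InstanceType": "t3.micro",
    "SubnetId": "subnet-0example",
    "IamInstanceProfileName": "app-profile",
    "aws:backup:request-id": "constructed-request-id",
}

if __name__ == "__main__":
    md, passrole = prepare_restore_metadata(STORED, {"InstanceType": "t3.small"})
    print(md)
    print("restore role needs PassRole:", passrole)
```

The returned dictionary is what would be passed as the metadata of the restore job; when the second value is true, confirm the PassRole permission on the restore role before starting the job.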

During a restore, all Amazon EC2 quotas and configuration restrictions apply.